Release gix-url-v0.27.3: ### New Features · GitoxideLabs/gitoxide

gix-url-v0.27.3
095c673
Unverified

This tag is not signed, but one or more authors requires that any tag attributed to them is signed.

Learn about vigilant mode
Compare

Choose a tag to compare

Loading

View all tags

gix-url-v0.27.3
095c673
Compare

Choose a tag to compare

Loading

View all tags
Unverified

This tag is not signed, but one or more authors requires that any tag attributed to them is signed.

Learn about vigilant mode

Byron tagged this 13 Apr 12:31

 - Add `ArgumentSafety` and `Url::*_as_argument()` methods
   This adds three methods to `Url`:
   
   - `Url::user_as_argument`
- `Url::host_as_argument`
- `Url::path_as_argument`
1. There is no wrapped value (`Absent`).
2. The wrapped value is usable and presumably safe (`Usable`).
3. The wrapped value is dangerous and should not be passed as a
      command-line argument because it could be interpreted as an
      option due to starting with `-`. The value itself may still be
      useful and safe to include in error messages.

### Bug Fixes

 - Prevent usernames with leading `-` from being passed to SSH
   This detects ambiguous usernames in dangerous cases where they
   would be passed to external commands to form SSH connections, if
   they would be misinterpreted as option arguments.
   
   This change is analogous to b06a0dd, hardening `gix-transport` and
   applications that use it against options smuggled in URLs, but for
   the non-mandatory username portion of a URL, rather than the host
   and path portions that were covered there.
   
   For example, commands like these no longer pass `-F...` options to
   `ssh`:
   
   gix clone 'ssh://[email protected]/abc'
   gix clone -- '[email protected]:abc/def'
   
   Instead, they refuse to run `ssh`, producing the error:
   
   Error: Username '-Fconfigfile' could be mistaken for a command-line argument

### Commit Statistics

 - 13 commits contributed to the release over the course of 1 calendar day.
 - 29 days passed between releases.
 - 3 commits were understood as [conventional](https://www.conventionalcommits.org).
 - 0 issues like '(#ID)' were seen in commit messages

### Commit Details

 * **Uncategorized**
    - Prepare changelogs prior to release (5755271)
    - Merge branch 'strange-usernames' (1272542)
    - Refactor `gix-url` (09311b0)
    - Give `ArgumentSafety` traits; test `*_as_argument` methods (1b0af07)
    - Add `ArgumentSafety` and `Url::*_as_argument()` methods (5457998)
    - Sketch *_as_argument methods and supporting enum (29941e6)
    - Give `looks_like_argument` a more accurate name (beef8d2)
    - Prevent usernames with leading `-` from being passed to SSH (f56ad39)
    - Clarify circumstances when *_argument_safe should be used (e8e2463)
    - Expand and introduce tests of more combinations (169a698)
    - Add `Url::user_argument_safe()` (db40382)
    - Prepare for adding Url::user_argument_safe (1bdfdd9)
    - Reorder tests and add username assertion placeholders (6cbe65d)

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly